Configuring Single-Sign-On

Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)

The following providers are supported and tested at the moment:

SAML 2.0

OneLogin

Shibboleth

Active Directory Federation Services (ADFS)

Authentication via Environment Variable

Kerberos (mod_auth_kerb)

CAS (see below)

Any other provider that authenticates using the environment variable

While theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.

Enabling the SSO & SAML app

Warning

Make sure to configure an administrative user that can access the instance via SSO. Logging-in with your regular Nextcloud account won’t be possible anymore, unless you go directly to the URL https://cloud.example.com/log